Browsers keep redirecting, Possible infection


  • This topic is locked
4 replies to this topic

#1 TheBeaver

  • Members
  • 1 posts
  • OFFLINE
  • Local time: 08:59 PM

Posted 13 April 2015 - 10:30 PM

I'm using Windows 8.1 64-bit and I've had the issue on both Google Chrome and Internet Explorer. While browsing, random clicks redirect me to websites, many of which have prompted AVG to stop me from visiting them. The others have just been riddled with ads.

 

I've tried using AVG to find it and have come up empty. I then tried TDSSKiller and also got nothing.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015

Ran by gchri_000 (administrator) on PIMPDADDY on 13-04-2015 20:58:15
Running from C:\Users\gchri_000\Downloads
Loaded Profiles: gchri_000 (Available profiles: gchri_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Stagelight\StagelightUpdate.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3918\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5669\Battle.net.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\nacl64.exe
(AVG Technologies) C:\Users\gchri_000\Downloads\avg_free_stb_all_5863p1_177.exe
(AVG Technologies CZ, s.r.o.) C:\Users\gchri_000\AppData\Local\Temp\7zS926F.tmp\avgmfapx.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avguirux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-06-10] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [StageLightUpdate] => C:\Program Files\Stagelight\StagelightUpdate.exe [1397208 2014-08-29] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-01-15] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-01-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-01-15] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Run_dregol] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\GCHRI_~1\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat"
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-13] (Electronic Arts)
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9797416 2015-02-24] (Visicom Media Inc.)
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\...\RunOnce: [Run_dregol] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\GCHRI_~1\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat"
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\...\MountPoints2: {a6ef869a-dd95-11e4-8262-1008b1e3ac6c} - "E:\VZW_Software_upgrade_assistant.exe" 
AppInit_DLLs: C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-08-25] (ClientConnect LTD)
AppInit_DLLs:  C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-09-26] (Amazon Inc.)
AppInit_DLLs-x32: C:/PROGRA~3/{FC881~1/193~1.1/rari.dll => C:\ProgramData\{FC88144B-AC0A-C5CD-1D8C-B54FCD0E66C1}\1.9.3.1\rari.dll [1010688 2015-04-08] ()
AppInit_DLLs-x32:  C:\PROGRA~2\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-08-25] (ClientConnect LTD)
AppInit_DLLs-x32:  C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-09-26] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\gchri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.lenovo.com
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.lenovo.com
HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-07] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\gchri_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\gchri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]
CHR Extension: (Google Drive) - C:\Users\gchri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-13]
CHR Extension: (YouTube) - C:\Users\gchri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-13]
CHR Extension: (Adblock Plus) - C:\Users\gchri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-13]
CHR Extension: (Google Search) - C:\Users\gchri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\gchri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Skype Click to Call) - C:\Users\gchri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\gchri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Gmail) - C:\Users\gchri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3707545895-3325433372-1259030164-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [977664 2014-07-10] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
S4 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2538824 2014-08-25] (ClientConnect LTD)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-16] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-01-15] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-01-15] (Lenovo(beijing) Limited)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1844024 2014-08-01] (Maxthon)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-25] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-25] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-01-15] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-01-15] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2015-01-15] (Lenovo)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-01-15] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-03-19] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7569624 2014-07-03] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-28] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-23] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-03-07] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
R1 swsenfd_1_10_0_13; system32\drivers\swsenfd_1_10_0_13.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 20:58 - 2015-04-13 20:59 - 00026780 _____ () C:\Users\gchri_000\Downloads\FRST.txt
2015-04-13 20:57 - 2015-04-13 20:58 - 00000000 ____D () C:\FRST
2015-04-13 20:57 - 2015-04-13 20:57 - 02096640 _____ (Farbar) C:\Users\gchri_000\Downloads\FRST64.exe
2015-04-13 20:50 - 2015-04-13 20:50 - 00000992 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-13 20:50 - 2015-04-13 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-13 20:48 - 2015-04-13 20:48 - 04818760 _____ (AVG Technologies) C:\Users\gchri_000\Downloads\avg_free_stb_all_5863p1_177.exe
2015-04-13 08:28 - 2015-04-13 08:28 - 00000000 __SHD () C:\Users\gchri_000\AppData\Local\EmieBrowserModeList
2015-04-13 08:11 - 2015-04-13 18:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-13 08:06 - 2015-04-13 08:06 - 04176437 _____ () C:\Users\gchri_000\Downloads\tdsskiller.zip
2015-04-13 08:01 - 2015-04-13 08:02 - 00004442 _____ () C:\Users\gchri_000\Downloads\software_removal_tool.log
2015-04-12 22:18 - 2015-04-12 22:18 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\TuneUp Software
2015-04-12 22:18 - 2015-04-12 22:18 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\AVG2015
2015-04-12 22:17 - 2015-04-13 20:50 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-12 22:17 - 2015-04-12 22:17 - 00000000 ___HD () C:\$AVG
2015-04-12 22:17 - 2015-04-12 22:17 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-12 22:13 - 2015-04-13 20:53 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-12 22:13 - 2015-04-12 22:22 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\Avg2015
2015-04-12 22:13 - 2015-04-12 22:13 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\MFAData
2015-04-12 22:00 - 2015-04-13 08:29 - 00000000 ____D () C:\Users\gchri_000\Downloads\Game of Thrones - The Complete Season 4 [HDTV]
2015-04-12 12:54 - 2015-04-12 12:55 - 00000514 _____ () C:\Users\gchri_000\Downloads\Atlas_MistsofPandaria_v1.31.01.zip
2015-04-12 12:54 - 2015-04-12 12:55 - 00000478 _____ () C:\Users\gchri_000\Downloads\Atlas_Cataclysm_v1.31.01.zip
2015-04-10 10:57 - 2015-04-10 10:57 - 01054416 _____ () C:\Users\gchri_000\Downloads\GatherMate2-1.33.5 (1).zip
2015-04-10 10:57 - 2015-04-10 10:57 - 00380070 _____ () C:\Users\gchri_000\Downloads\GatherMate2_Data-v25.8.zip
2015-04-10 10:56 - 2015-04-10 10:56 - 01054416 _____ () C:\Users\gchri_000\Downloads\GatherMate2-1.33.5.zip
2015-04-08 16:38 - 2015-04-08 16:38 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\Nitro
2015-04-08 04:09 - 2015-03-03 07:17 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-04-08 03:59 - 2015-04-08 03:59 - 00055296 ___SH () C:\Users\gchri_000\Documents\Thumbs.db
2015-04-08 01:53 - 2015-04-08 02:16 - 00004535 _____ () C:\Users\gchri_000\AppData\Roaming\CamStudio.cfg
2015-04-08 01:53 - 2015-04-08 02:16 - 00000408 _____ () C:\Users\gchri_000\AppData\Roaming\CamShapes.ini
2015-04-08 01:53 - 2015-04-08 02:16 - 00000408 _____ () C:\Users\gchri_000\AppData\Roaming\CamLayout.ini
2015-04-08 01:53 - 2015-04-08 02:16 - 00000096 _____ () C:\Users\gchri_000\AppData\Roaming\Camdata.ini
2015-04-08 01:51 - 2015-04-08 01:51 - 00003830 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1428479504
2015-04-08 01:51 - 2015-04-08 01:51 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-08 01:51 - 2015-04-08 01:51 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\Opera Software
2015-04-08 01:51 - 2015-04-08 01:51 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\Opera Software
2015-04-08 01:50 - 2015-04-13 20:50 - 00000796 _____ () C:\windows\Tasks\Dregol rari.job
2015-04-08 01:50 - 2015-04-13 20:50 - 00000326 _____ () C:\windows\Tasks\Run_dregol.job
2015-04-08 01:50 - 2015-04-13 17:55 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\Run_dregol
2015-04-08 01:50 - 2015-04-13 17:55 - 00000000 ____D () C:\ProgramData\{FC88144B-AC0A-C5CD-1D8C-B54FCD0E66C1}
2015-04-08 01:50 - 2015-04-08 03:52 - 00000096 _____ () C:\Users\gchri_000\AppData\Roaming\version2.xml
2015-04-08 01:50 - 2015-04-08 01:50 - 00003806 _____ () C:\windows\System32\Tasks\Dregol rari
2015-04-08 01:50 - 2015-04-08 01:50 - 00002664 _____ () C:\windows\System32\Tasks\Run_dregol
2015-04-08 00:22 - 2015-04-08 16:36 - 00000000 ____D () C:\Users\gchri_000\Desktop\Phone photos
2015-04-08 00:14 - 2015-04-13 17:55 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-04-08 00:14 - 2015-04-08 00:14 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-04-08 00:14 - 2015-04-08 00:14 - 00000000 ____D () C:\ProgramData\Samsung
2015-04-07 10:15 - 2015-04-13 18:07 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\uTorrent
2015-04-07 10:14 - 2015-04-07 10:14 - 01741904 _____ (BitTorrent Inc.) C:\Users\gchri_000\Downloads\uTorrent.exe
2015-04-06 21:23 - 2015-04-08 08:06 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\vlc
2015-04-06 21:01 - 2015-04-13 17:54 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-04-06 21:01 - 2015-04-06 21:01 - 00001097 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-06 21:01 - 2015-04-06 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-06 20:59 - 2015-04-06 20:59 - 28509232 _____ () C:\Users\gchri_000\Downloads\vlc-2.2.0-win32.exe
2015-03-28 11:31 - 2015-04-13 18:17 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\ManyCam
2015-03-28 11:31 - 2015-03-28 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2015-03-28 11:30 - 2015-04-13 17:54 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2015-03-28 11:30 - 2015-03-28 11:30 - 49484792 _____ (Visicom Media Inc.) C:\Users\gchri_000\Downloads\ManyCamSetup.exe
2015-03-28 11:30 - 2015-03-28 11:30 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\ManyCam
2015-03-28 11:30 - 2015-03-28 11:30 - 00000000 ____D () C:\ProgramData\ManyCam
2015-03-25 17:19 - 2015-03-10 20:38 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-25 17:19 - 2015-03-10 16:08 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-25 17:19 - 2015-03-10 16:08 - 00943104 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-25 17:19 - 2015-03-10 16:08 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-25 17:19 - 2015-03-10 16:08 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-25 17:19 - 2015-03-10 16:08 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-25 17:19 - 2015-03-10 16:08 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2015-03-24 08:04 - 2015-03-24 08:04 - 00073595 _____ () C:\Users\gchri_000\Downloads\Super Legendary Saves!.zip
2015-03-23 20:09 - 2015-04-13 17:54 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-03-23 20:09 - 2015-03-24 20:54 - 00000000 ____D () C:\Users\gchri_000\Documents\StarCraft II
2015-03-23 20:09 - 2015-03-23 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-03-21 15:08 - 2015-04-13 17:54 - 00000000 ____D () C:\Program Files (x86)\Express Find
2015-03-21 15:08 - 2015-03-21 15:08 - 00000000 __SHD () C:\ProgramData\360Quarant
2015-03-21 15:08 - 2015-03-21 15:08 - 00000000 __SHD () C:\$360Section
2015-03-21 15:08 - 2015-03-21 15:08 - 00000000 ____D () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d
2015-03-21 15:07 - 2015-04-13 18:07 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\OpenCandy
2015-03-21 15:07 - 2015-04-13 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-03-21 15:07 - 2015-04-13 17:53 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-03-21 15:07 - 2015-03-21 15:09 - 00000000 ____D () C:\Users\gchri_000\Documents\My Cheat Tables
2015-03-21 15:07 - 2015-03-21 15:07 - 00001112 _____ () C:\Users\gchri_000\Desktop\Cheat Engine.lnk
2015-03-21 15:07 - 2015-03-21 15:07 - 00000000 ____D () C:\Program Files (x86)\360
2015-03-21 15:06 - 2015-03-21 15:06 - 09056784 _____ (Cheat Engine ) C:\Users\gchri_000\Downloads\CheatEngine64.exe
2015-03-21 08:52 - 2015-04-13 17:55 - 00000000 ____D () C:\Users\gchri_000\Documents\My Games
2015-03-21 08:52 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2015-03-19 16:05 - 2015-03-19 16:05 - 00289248 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgwfpa.sys
2015-03-15 14:58 - 2015-03-20 19:43 - 00008224 _____ () C:\Users\gchri_000\Documents\TombRaider.log
2015-03-15 14:58 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2015-03-15 14:58 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2015-03-15 14:58 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2015-03-15 14:58 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll
2015-03-15 14:58 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll
2015-03-15 14:58 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll
2015-03-15 14:58 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_5.dll
2015-03-15 14:58 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_3.dll
2015-03-15 14:58 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll
2015-03-15 14:58 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll
2015-03-15 14:58 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll
2015-03-15 14:58 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2015-03-15 14:58 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2015-03-15 14:58 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll
2015-03-15 14:58 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll
2015-03-15 14:58 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll
2015-03-15 14:58 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
2015-03-15 14:58 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_2.dll
2015-03-15 14:58 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_1.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 20:58 - 2015-03-07 18:40 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\Battle.net
2015-04-13 20:55 - 2015-03-07 16:53 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3707545895-3325433372-1259030164-1001
2015-04-13 20:50 - 2013-08-22 09:36 - 00000000 ___HD () C:\windows\ELAMBKUP
2015-04-13 20:30 - 2015-03-07 18:25 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 20:03 - 2015-01-15 11:25 - 01635874 _____ () C:\windows\WindowsUpdate.log
2015-04-13 20:00 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
2015-04-13 18:54 - 2015-03-07 16:46 - 00000000 ____D () C:\Users\gchri_000
2015-04-13 18:53 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
2015-04-13 18:22 - 2015-01-15 12:12 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2015-04-13 18:18 - 2015-03-08 00:27 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\Skype
2015-04-13 18:18 - 2014-03-18 03:53 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-13 18:17 - 2015-03-08 00:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-13 18:17 - 2015-03-07 23:58 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\Deployment
2015-04-13 18:16 - 2015-03-07 16:51 - 00000000 ___RD () C:\Users\gchri_000\OneDrive
2015-04-13 18:15 - 2015-03-07 18:39 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-04-13 18:15 - 2015-03-07 18:25 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 18:15 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
2015-04-13 18:12 - 2015-03-13 17:53 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-13 18:12 - 2015-03-13 17:53 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-13 18:11 - 2015-01-15 12:15 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-13 18:11 - 2015-01-15 12:15 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-04-13 18:11 - 2015-01-15 11:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-13 18:11 - 2013-08-22 08:46 - 00029815 _____ () C:\windows\setupact.log
2015-04-13 18:11 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-13 18:08 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\WinStore
2015-04-13 18:08 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\MediaViewer
2015-04-13 18:08 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\FileManager
2015-04-13 18:08 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-04-13 18:08 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-13 18:08 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-04-13 18:08 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-13 18:07 - 2015-03-08 09:06 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\Ventrilo
2015-04-13 18:07 - 2015-03-07 18:40 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\Battle.net
2015-04-13 18:07 - 2015-03-07 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-13 18:07 - 2015-03-07 16:51 - 00000000 ____D () C:\ProgramData\LU
2015-04-13 18:07 - 2015-03-07 16:47 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\Packages
2015-04-13 18:07 - 2015-01-15 12:23 - 00000000 ____D () C:\ProgramData\Office2013
2015-04-13 18:07 - 2015-01-15 12:20 - 00000000 ____D () C:\Program Files\Lenovo PhoneCompanion
2015-04-13 18:07 - 2015-01-15 12:19 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-13 18:07 - 2015-01-15 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-13 18:07 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\Sysprep
2015-04-13 17:59 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\registration
2015-04-13 17:58 - 2014-03-18 03:25 - 00000000 ____D () C:\windows\SysWOW64\winrm
2015-04-13 17:58 - 2014-03-18 03:25 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2015-04-13 17:58 - 2014-03-18 03:25 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2015-04-13 17:58 - 2014-03-18 03:25 - 00000000 ____D () C:\windows\system32\winrm
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Web
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Vss
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\vpnplugins
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\zh-HK
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\WindowsPowerShell
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\uk-UA
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\tr-TR
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\th-TH
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\sr-Latn-RS
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\spp
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\Speech
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\sl-SI
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\sk-SK
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\ro-RO
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\networklist
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\MUI
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\MsDtc
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\lv-LV
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\lt-LT
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\Licenses
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\InstallShield
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\IME
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\hr-HR
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\he-IL
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\et-EE
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\en-GB
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\Com
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\bg-BG
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\ar-SA
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SystemResources
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\zh-HK
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\WindowsPowerShell
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\WindowsInternal.Inbox.Shared
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\WindowsInternal.Inbox.Media.Shared
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\WinBioPlugIns
2015-04-13 17:58 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\System
2015-04-13 17:58 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\SysWOW64\oobe
2015-04-13 17:58 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-04-13 17:57 - 2014-03-18 03:25 - 00000000 ____D () C:\windows\system32\slmgr
2015-04-13 17:57 - 2014-03-18 03:25 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\uk-UA
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\tr-TR
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\th-TH
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\SystemResetPlatform
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\spp
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\spool
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\Speech
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sl-SI
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sk-SK
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\ro-RO
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\networklist
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\MUI
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\MsDtc
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\migwiz
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\Macromed
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\lv-LV
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\lt-LT
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\Licenses
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\InputMethod
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\IME
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\hr-HR
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\he-IL
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\et-EE
2015-04-13 17:57 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\en-GB
2015-04-13 17:57 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\SMI
2015-04-13 17:57 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\oobe
2015-04-13 17:56 - 2015-01-15 12:12 - 00000000 ____D () C:\windows\Downloaded Installations
2015-04-13 17:56 - 2014-03-18 03:38 - 00000000 ____D () C:\windows\SKB
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ___SD () C:\windows\system32\dsc
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ___SD () C:\windows\system32\Configuration
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\DesktopTileResources
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\Com
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\bg-BG
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\ar-SA
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Speech
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\security
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\schemas
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Resources
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\rescache
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\PLA
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Performance
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\InputMethod
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\IME
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Help
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Globalization
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Camera
2015-04-13 17:56 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\Branding
2015-04-13 17:56 - 2013-08-22 08:45 - 00000000 ____D () C:\windows\Setup
2015-04-13 17:56 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\Dism
2015-04-13 17:56 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\servicing
2015-04-13 17:55 - 2015-03-08 00:27 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\Skype
2015-04-13 17:55 - 2015-03-08 00:27 - 00000000 ____D () C:\ProgramData\Skype
2015-04-13 17:55 - 2015-03-07 23:58 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\Apps\2.0
2015-04-13 17:55 - 2015-03-07 18:47 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\Razer_Inc
2015-04-13 17:55 - 2015-03-07 18:40 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-13 17:55 - 2015-03-07 18:28 - 00000000 ____D () C:\ProgramData\Battle.net
2015-04-13 17:55 - 2015-03-07 18:25 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\Google
2015-04-13 17:55 - 2015-03-07 16:51 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-04-13 17:55 - 2015-03-07 16:49 - 00000000 ____D () C:\Users\gchri_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-13 17:55 - 2015-03-07 16:47 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\NVIDIA
2015-04-13 17:55 - 2015-03-07 16:46 - 00000000 ____D () C:\Users\gchri_000\AppData\Local\Pokki
2015-04-13 17:55 - 2015-01-15 12:20 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2015-04-13 17:55 - 2015-01-15 12:11 - 00000000 ____D () C:\ProgramData\Temp
2015-04-13 17:55 - 2015-01-15 12:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-13 17:55 - 2015-01-15 12:11 - 00000000 ____D () C:\ProgramData\install_clap
2015-04-13 17:55 - 2015-01-15 12:10 - 00000000 ____D () C:\ProgramData\Nitro
2015-04-13 17:55 - 2015-01-15 12:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Pokki
2015-04-13 17:55 - 2015-01-15 12:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Pokki
2015-04-13 17:55 - 2015-01-15 12:08 - 00000000 ____D () C:\ProgramData\Lenovo
2015-04-13 17:55 - 2015-01-15 11:47 - 00000000 ____D () C:\Program Files\Realtek
2015-04-13 17:55 - 2015-01-15 11:43 - 00000000 ____D () C:\Program Files\Synaptics
2015-04-13 17:55 - 2015-01-15 11:40 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-13 17:55 - 2015-01-15 11:40 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-13 17:55 - 2015-01-15 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-13 17:55 - 2015-01-15 11:35 - 00000000 ____D () C:\ProgramData\Intel
2015-04-13 17:55 - 2014-04-03 12:24 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-04-13 17:55 - 2014-04-03 12:24 - 00000000 ____D () C:\Program Files\MSBuild
2015-04-13 17:55 - 2014-03-18 03:38 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-13 17:55 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-13 17:55 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppCompat
2015-04-13 17:55 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\ADFS
2015-04-13 17:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-13 17:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-13 17:55 - 2013-08-22 07:36 - 00000000 ___HD () C:\Users\Default
2015-04-13 17:54 - 2015-03-08 12:17 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-13 17:54 - 2015-03-08 00:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-13 17:54 - 2015-03-07 18:45 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-04-13 17:54 - 2015-03-07 18:25 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-13 17:54 - 2015-01-15 12:22 - 00000000 ____D () C:\Program Files\Common Files\Lenovo
2015-04-13 17:54 - 2015-01-15 12:16 - 00000000 ____D () C:\Program Files\DIFX
2015-04-13 17:54 - 2015-01-15 12:16 - 00000000 ____D () C:\Program Files\CyberLink
2015-04-13 17:54 - 2015-01-15 12:13 - 00000000 ____D () C:\Program Files (x86)\Maxthon
2015-04-13 17:54 - 2015-01-15 12:13 - 00000000 ____D () C:\Program Files (x86)\LenovoBrowserGuard
2015-04-13 17:54 - 2015-01-15 12:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-13 17:54 - 2015-01-15 12:11 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-04-13 17:54 - 2015-01-15 12:10 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2015-04-13 17:54 - 2015-01-15 12:10 - 00000000 ____D () C:\Program Files (x86)\Nitro
2015-04-13 17:54 - 2015-01-15 11:48 - 00000000 ____D () C:\Program Files\Dolby Digital Plus
2015-04-13 17:54 - 2015-01-15 11:48 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-04-13 17:54 - 2015-01-15 11:43 - 00000000 ____D () C:\Program Files\Lenovo
2015-04-13 17:54 - 2015-01-15 11:42 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-13 17:54 - 2015-01-15 11:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-13 17:54 - 2015-01-15 11:35 - 00000000 ____D () C:\Program Files\Intel
2015-04-13 17:54 - 2015-01-15 11:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-13 17:54 - 2015-01-15 11:34 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-13 17:54 - 2014-04-03 12:24 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-04-13 17:54 - 2014-04-03 12:24 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-13 17:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-13 17:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-13 17:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-13 17:54 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows NT
2015-04-13 17:53 - 2015-03-07 23:42 - 00000000 ____D () C:\NVIDIA
2015-04-13 17:53 - 2015-01-15 12:20 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-04-13 08:19 - 2014-03-18 03:44 - 00008564 _____ () C:\windows\PFRO.log
2015-04-12 22:22 - 2013-08-22 07:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-04-09 20:20 - 2015-03-07 17:55 - 00003946 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8365AE89-3C83-4B55-BF14-C84594BB0F61}
2015-04-08 16:36 - 2015-03-07 16:49 - 00000000 ___RD () C:\Users\gchri_000\Documents\Bluetooth Exchange Folder
2015-04-08 01:50 - 2015-03-07 18:26 - 00002214 _____ () C:\Users\gchri_000\Desktop\Google Chrome.lnk
2015-04-07 09:02 - 2015-03-07 18:40 - 00000000 ____D () C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2015-04-08 01:53 - 2015-04-08 02:16 - 0000096 _____ () C:\Users\gchri_000\AppData\Roaming\Camdata.ini
2015-04-08 01:53 - 2015-04-08 02:16 - 0000408 _____ () C:\Users\gchri_000\AppData\Roaming\CamLayout.ini
2015-04-08 01:53 - 2015-04-08 02:16 - 0000408 _____ () C:\Users\gchri_000\AppData\Roaming\CamShapes.ini
2015-04-08 01:53 - 2015-04-08 02:16 - 0004535 _____ () C:\Users\gchri_000\AppData\Roaming\CamStudio.cfg
2015-04-08 01:50 - 2015-04-08 03:52 - 0000096 _____ () C:\Users\gchri_000\AppData\Roaming\version2.xml
2015-01-15 11:48 - 2015-01-15 11:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\gchri_000\AppData\Local\Temp\mccspuninstall.exe
C:\Users\gchri_000\AppData\Local\Temp\oct6341.tmp.exe
C:\Users\gchri_000\AppData\Local\Temp\SPSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-12 09:28
 
==================== End Of Log ============================



Edited by hamluis, 16 April 2015 - 01:55 PM.
Removed dupe data - Hamluis.



 


#2 Sirawit


    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • Gender:Male
  • Location:Thailand

Posted 16 April 2015 - 01:13 PM

Hello TheBeaver and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first; that may delay our fix a bit, but I will normally reply back within 24 hours.

 

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

I've sent my next steps to my instructors, please wait a bit.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” - Past Sins by Pen Stroke.


#3 Sirawit


    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • Gender:Male
  • Location:Thailand

Posted 16 April 2015 - 01:43 PM

Do you use Maxthon Cloud Browser and Pokki Start Menu?

 

-------------

 

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

 

Thank you.




#4 Sirawit


    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • Gender:Male
  • Location:Thailand

Posted 20 April 2015 - 11:57 AM

It has been three days since my last reply. Are you still there?

 

Thank you.




#5 xXToffeeXx


    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 23 April 2015 - 10:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~




